sast-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and analyze untrusted content from a project codebase (source code, configuration files, and dependency manifests). This could allow an attacker to embed instructions that manipulate the agent's behavior during the assessment.
  - Ingestion points: The skill reads project manifests (`package.json`, `requirements.txt`, `go.mod`, `Gemfile`, `pom.xml`, etc.), Dockerfiles, connection strings, and application source code (SKILL.md).
  - Boundary markers: No delimiters or instructions are used to separate the skill's instructions from the potentially adversarial content within the analyzed files.
  - Capability inventory: The agent is given capabilities to read files across the repository and write results to the file system (`sast/architecture.md`).
  - Sanitization: The instructions do not specify any validation or sanitization of the content extracted from the codebase before it is processed by the AI.
Audit Metadata